Question No: 201 – (Topic 3)

You work as a Security manager for Qualoxizz Inc. Your company has a number of network switches in the site network infrastructure. Which of the following actions will you perform to ensure the security of the switches in your company?

A. Open up all the unused management ports.

B. Set similar passwords for each management port.

C. Set long session timeouts.

D. Ignore usage of the default account settings.

Answer: D

Explanation: A switch with a management port using a default user account permits an attacker to intrude inside by making connections using one or more of the well-known default user accounts (e.g., administrator, root, security). Therefore, the default account settings should not be used. Answer: A is incorrect. The unused management ports on a switch should always be blocked to prevent port scanning attacks from the attackers.

Answer: B is incorrect. Setting similar passwords on all management ports increases vulnerability to password cracking. The matching passwords on all ports can be used by the attacker to break into all ports once the password of one of the ports is known. Answer: C is incorrect. Short timeout sessions should always be set to reduce the session period. If the connections to a management port on a switch do not have a timeout period set or have a large timeout period (greater than 9 minutes), then the connections are more exposed to hijacking by an attacker.

Question No: 202 – (Topic 3)

You are the Network Admin for a company. You are concerned about users having access to items they should not. Your concern is that they may inadvertently have been granted access to those resources. When conducting a user access and rights review, which of the following is most likely to show you such unintentional granting of user rights?

A. IDS Logs

B. Access Control Lists

C. Server logs

D. Group Membership

Answer: D

Explanation: Most often user rights are determined by the groups the user belongs to. In some cases a user may mistakenly be added to a group they should not be in. It is also common that a user moves within the organization, but is still retained in their previous group, giving them those rights. Answer: B is incorrect. Access Control Lists are usually set up manually. This means that a person would not likely be inadvertently added. You might want to check the ACLs, and you might find some issues, but this is not the most likely way to find users with inappropriate rights. Answer: C is incorrect. At best server logs can show you if a user accessed a resource. But a user could have access to a resource, and simply not have used that access yet. Answer: A is incorrect. IDS logs will only help you identify potential attacks. Unless you suspect the user of intentionally trying to break into resources, an IDS log will not help in this scenario.

Question No: 203 – (Topic 3)

Brutus is a password cracking tool that can be used to crack the following authentications: HTTP (Basic Authentication), HTTP (HTML Form/CGI), POP3 (Post Office Protocol v3), FTP (File Transfer Protocol), SMB (Server Message Block), and Telnet. Which of the following attacks can be performed by Brutus for password cracking?

A. Man-in-the-middle attack

B. Hybrid attack

C. Replay attack

D. Brute force attack

E. Dictionary attack

Answer: B,D,E

Explanation: Brutus can be used to perform brute force attacks, dictionary attacks, or hybrid attacks.

Question No: 204 – (Topic 3)

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

A. Web ripping

B. Steganography

C. Email spoofing

D. Social engineering

Answer: B

Explanation: According to the scenario, John is performing the Steganography technique for sending malicious data. Steganography is an art and science of hiding information by embedding harmful messages within other seemingly harmless messages. It works by replacing bits of unused data, such as graphics, sound, text, and HTML, with bits of invisible information in regular computer files. This hidden information can be in the form of plain text, cipher text, or even in the form of images. Answer: A is incorrect. Web ripping is a technique in which the attacker copies the whole structure of a Web site to the local disk and obtains all files of the Web site. Web ripping helps an attacker to trace the loopholes of the Web site. Answer: D is incorrect. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of the people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name or password, computer name, IP address, employee ID, or other information that can be misused. Answer: C is incorrect. John is not performing email spoofing. In email spoofing, an attacker sends emails after writing another person's mailing address in the from field of the email id.

Question No: 205 – (Topic 3)

Which of the following backup sites takes the longest recovery time?

A. Mobile backup site

B. Warm site

C. Cold site

D. Hot site

Answer: C

Explanation: A cold backup site takes the longest recovery time. It is the most inexpensive type of backup site for an organization to operate. It does not include backed up copies of data and information from the original location of the organization, nor does it include hardware already set up. The lack of hardware contributes to the minimal startup costs of the cold site, but requires additional time following the disaster to have the operation running at a capacity close to that prior to the disaster. Answer: D is incorrect. A hot site is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data. Real time synchronization between the two sites may be used to completely mirror the data environment of the original site using wide area network links and specialized software. Ideally, a hot site will be up and running within a matter of hours or even less. Answer: A is incorrect. Although a mobile backup site provides rapid recovery, it does not provide full recovery in time. Hence, a hot site takes the shortest recovery time. Answer: B is incorrect. A warm site is, quite logically, a compromise between hot and cold. These sites will have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site. Warm sites will have backups on hand, but they may not be complete and may be between several days and a week old. An example would be backup tapes sent to the warm site by courier.

Question No: 206 – (Topic 3)

Many organizations create network maps of their network system to visualize the network and understand the relationship between the end devices and the transport layer that provide services. Which of the following are the techniques used for network mapping by large organizations? Each correct answer represents a complete solution. Choose three.

A. Route analytics

B. Active Probing

C. SNMP-based approaches

D. Packet crafting

Answer: A,B,C

Explanation: Many organizations create network maps of their network system. These maps can be made manually using simple tools such as Microsoft Visio, or the mapping process can be simplified by using tools that integrate auto network discovery with Network mapping. Many of the vendors from the Notable network Mappers list enable a user to do the following:

Customize the maps

Include one's own labels

Add un-discoverable items

Add background images

Sophisticated mapping is used to help visualize the network and understand relationships between end devices and the transport layers that provide service. Items such as bottlenecks and root cause analysis can be easier to spot using these tools. There are three main techniques used for network mapping: SNMP-based approaches, Active Probing, and Route analytics. The SNMP-based approach retrieves data from Router and Switch MIBs in order to build the network map. The Active Probing approach relies on a series of trace route like probe packets in order to build the network map. The Route analytics approach relies on information from the routing protocols to build the network map. Each of the three approaches has advantages and disadvantages in the methods that they use. Answer: D is incorrect. Packet crafting is a technique that allows probing firewall rule-sets and finding entry points into the targeted system or network. This can be done with a packet generator. A packet generator is a type of software that generates random packets or allows the user to construct detailed custom packets. Packet generators utilize raw sockets. This is useful for testing implementations of IP stacks for bugs and security vulnerabilities.

Question No: 207 – (Topic 3)

You have been assigned a project to develop a Web site for a construction company. You plan to develop a Web site and want to get more control over the appearance and presentation of the Web pages. You also want to increase your ability to precisely specify the position and appearance of the elements on a page and create special effects. You plan to use cascading style sheets (CSS). You want to define styles only for the active page. Which type of style sheet will you use?

A. Embedded Style Sheet

B. Inline Style Sheet

C. Internal Style Sheet

D. External Style Sheet

Answer: A

Explanation: To define styles only for the active page you should use an embedded style sheet. Cascading style sheets (CSS) are used so that Web site authors can exercise greater control over the appearance and presentation of their Web pages, and because they increase the ability to precisely point to the location and look of elements on a Web page and help in creating special effects. Cascading Style Sheets have codes, which are interpreted and applied by the browser on to the Web pages and their elements. There are three types of cascading style sheets:

External Style Sheets

Embedded Style Sheets

Inline Style Sheets

External Style Sheets are used whenever consistency in style is required throughout a Web site. A typical external style sheet uses a .css file extension, which can be edited using a text editor such as Notepad. Embedded Style Sheets are used for defining styles for an active page. Inline Style Sheets are used for defining individual elements of a page. Reference: TechNet, Contents: Microsoft Knowledgebase, February 2000 issue PSS ID Number: Q179628

You want to enable Host A to access the Internet. For this, you need to configure the default gateway settings. Choose the appropriate address to accomplish the task.

Question No: 208 – (Topic 3)

You want to monitor the network infrastructure of a software-based company. The network infrastructure of the company consists of the following: Windows, TCP/IP services, Web and mail servers, URLs, and Applications (MS Exchange, SQL etc.). Which of the following network monitoring solutions can you use to accomplish the task?

A. Axence nVision

B. CommandCenter NOC

C. Netmon

D. Cymphonix Network Composer

Answer: A

Explanation: Axence nVision is an advanced solution for a comprehensive network management. It is used to monitor network infrastructure such as Windows, TCP/IP services, web and mail servers, URLs, and applications (MS Exchange, SQL, etc.). It is also used to monitor routers and switches such as network traffic, interface status, and connected computers. It collects the network inventory and audit license usage. It also gives alerts in case of a program installation or any configuration change on a remote node. With the agent, an administrator can easily monitor user activities and can access computers remotely. Answer: B is incorrect. CommandCenter NOC is a simple and effective tool that performs network monitoring with a powerful polling engine. It provides polling, Windows and UNIX/Linux server management, intrusion detection, vulnerability scanning, and traffic analysis in an integrated appliance. Answer: D is incorrect. Cymphonix Network Composer is a precise Web gateway appliance. It is used to monitor Internet traffic by user, application, and threat. It consists of controls to shape access to Internet resources by user, group, and/or time of day. It also supports anonymous proxy blocking, policy management, and real time monitoring. Answer: C is incorrect. Network Monitor (Netmon) is a protocol analyzer. It is used to analyze the network traffic. It is installed by default during the installation of the operating system. It can be installed by using Windows Components Wizard in the Add or Remove Programs tool in Control Panel. Network Monitor is used to perform the following tasks:

Capture frames directly from the network.

Display and filter captured frames immediately after capture or a later time.

Edit captured frames and transmit them on the network.

Capture frames from a remote computer.

Question No: 209 – (Topic 3)

You work as a Network Administrator for Techpearl Inc. You are configuring the rules for the firewall of the company. You need to allow internal users to access secure external websites. Which of the following firewall rules will you use to accomplish the task?

A. TCP 172.16.1.0/24 any any 80 HTTP permit

B. TCP 172.16.1.0/24 any any 25 SMTP permit

C. TCP 172.16.1.0/24 any any 80 HTTP deny

D. TCP 172.16.1.0/24 any any 443 HTTPs permit

Answer: D

Explanation: The TCP 172.16.1.0/24 any any 443 HTTPs permit rule is used to allow internal users to access secure external websites. Answer: A is incorrect. The TCP 172.16.1.0/24 any any 80 HTTP permit rule is used to allow internal users to access external websites (both secure and unsecure). Answer: C is incorrect. The TCP 172.16.1.0/24 any any 80 HTTP deny rule is used to deny internal users access to external websites. Answer: B is incorrect. The TCP 172.16.1.0/24 any any 25 SMTP permit rule is used to allow internal mail servers to deliver mails to external mail servers.

Question No: 210 – (Topic 3)

Which of the following statements is true about the Digest Authentication scheme?

A. A valid response from the client contains a checksum of the username, the password, the given random value, the HTTP method, and the requested URL.

B. In this authentication scheme, the username and password are passed with every request, not just when the user first types them.

C. The password is sent over the network in clear text format.

D. It uses the base64 encoding encryption scheme.

Answer: A

Explanation: The Digest Authentication scheme is a replacement of the Basic Authentication scheme. This authentication scheme is based on the challenge response model. In Digest authentication, the password is never sent across the network in clear text format but is always transmitted as an MD5 digest of the user's password. In this way, the password cannot be determined with the help of a sniffer.

How does it work? In this authentication scheme, an optional header allows the server to specify the algorithm used to create the checksum or digest (by default, the MD5 algorithm). The Digest Authentication scheme provides the challenge using a randomly chosen value. This randomly chosen value is a server-specified data string which may be uniquely generated each time a 401 response is made. A valid response contains a checksum (by default, the MD5 checksum) of the username, the password, the given random value, the HTTP method, and the requested URL. In this way, the password is never sent in clear text format. Drawback: Although the password is not sent in clear text format, an attacker can gain access with the help of the digested password, since the digested password is really all the information needed to access the web site. Answer: B, C, D are incorrect. These statements are true about the Basic Authentication scheme.
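The checksum computation described in the explanation above, as an added example that is not part of the original question set. It follows the RFC 2617 formula and uses that RFC's sample exchange values; the function names and the second nonce are this example's own.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    """Digest of the credentials; the only step that needs the password."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc=None, cnonce=None, qop=None):
    """Client side: checksum binding credentials, nonce, method and URL."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:  # RFC 2617 form adds a request counter and a client nonce
        return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def server_verify(stored_ha1, received, method, uri, nonce, **qop_fields):
    """Server side: recompute from the stored HA1, compare in constant time."""
    expected = digest_response(stored_ha1, method, uri, nonce, **qop_fields)
    return hmac.compare_digest(expected, received)

# Sample values from the RFC 2617 example exchange.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"  # random value sent in the 401
QOP = {"nc": "00000001", "cnonce": "0a4f113b", "qop": "auth"}
URI = "/dir/index.html"

def run_exchange():
    stored = ha1(USER, REALM, PASSWORD)  # what the server keeps on file
    sent = digest_response(stored, "GET", URI, NONCE, **QOP)
    return {
        "response": sent,
        "password_on_wire": PASSWORD in sent,
        "accepted": server_verify(stored, sent, "GET", URI, NONCE, **QOP),
        # A fresh nonce in the next 401 invalidates a captured response
        # (the nonce below is constructed for this example).
        "accepted_on_new_nonce": server_verify(
            stored, sent, "GET", URI, "constructed-new-nonce", **QOP),
        # The checksum covers method and URL, so it does not fit another request.
        "accepted_for_other_url": server_verify(
            stored, sent, "GET", "/other/page.html", NONCE, **QOP),
    }

if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(f"{key}: {value}")
```

The server verifies the response from the stored HA1 alone, without the password, which is why that stored digest has to be protected like a password, as the drawback in the explanation notes.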